12407699

Artificial Intelligence-Based Lateral Movement Identification Tool

Published: September 2, 2025
Assignee: not available in USPTO data we have
Technical Abstract

Patent Claims
20 claims

Legal claims defining the scope of protection, as filed with the USPTO.

1. A computing platform comprising: a processor; and memory storing instructions that, when executed by the processor, cause the computing platform to: identify, from real-time monitored network communications, a communication between the computing platform and a computing device; determine, by an artificial intelligence engine and based on an indication of a risk factor associated with the communication and based on an indication of a user group, a probability that the communication corresponds to an unauthorized lateral movement event on a network, wherein the risk factor is associated with a network security risk and wherein the user group comprises a group of users having a same set of user group permissions on an enterprise network associated with the monitored network communications; and trigger, based on the probability, an alert identifying the risk factor that the communication between the computing platform and the computing device corresponds to the unauthorized lateral movement event on the network, wherein the alert comprises a risk score corresponding to a weighted combination of a plurality of lateral movement parameters.

2. The computing platform of claim 1, wherein the instructions, when executed, cause the computing platform to aggregate information from a plurality of network communication services and data logs, wherein the information corresponds to a plurality of network communication connections to and from the computing platform.

3. The computing platform of claim 2, wherein the instructions, when executed cause the computing platform to correlate messages, in real time, with the aggregated information to actively detect an indication of lateral movement on the network.

4. The computing platform of claim 1, wherein the instructions, when executed cause the computing platform to send, via a telecommunications network, the alert to a second user computing device.

5. The computing platform of claim 1, wherein the communication between the computing platform and the computing device comprises a file transfer.

6. The computing platform of claim 1, wherein the risk factor comprises one or more of a plurality of risk factors, wherein an indication of the unauthorized lateral movement event on the network comprises a weighted combination of the plurality of risk factors and wherein the plurality of risk factors comprise one or more of a time associated with the communication between the computing platform and the computing device and user group permissions corresponding to a user associated with the communication.

7. The computing platform of claim 1 wherein the computing platform comprises a local host computing device.

8. The computing platform of claim 1 wherein the computing device is communicatively coupled to a network and sends communications via the network and receives communications from the network.

9. A system comprising: a computing device sending and receiving communications via a network; a local host computing device comprising: a processor; and memory storing instructions that, when executed by the processor, cause the local host computing device to: identify, in real time, a communication between the local host computing device and the computing device, wherein the communication is identified from a plurality of communications associated with the computing device and a user group; determine, by an artificial intelligence engine and based on a risk factor associated with the communication and based on the user group, a probability that the communication corresponds to an unauthorized lateral movement event on the network, wherein the risk factor is associated with network security risk and wherein the user group comprises a group of users having a same set of user group permissions on an enterprise network associated with the monitored network communications; and trigger, based on the probability, an alert identifying the probability that the communication corresponds to the unauthorized lateral movement event on the network, wherein the alert comprises a risk score corresponding to a weighted combination of a plurality of lateral movement parameters.

10. The system of claim 9, wherein the instructions, when executed, cause the local host computing device to: aggregate, from a plurality of network communication services and data logs, information corresponding to a plurality of network communication connections associated with the local host computing device; and correlate, in real time, messages with the aggregated information to actively detect an indication of lateral movement on the network.

11. The system of claim 9, wherein the instructions, when executed sending, via a telecommunications network, the alert to a remote user computing device.

12. The system of claim 9, wherein the communication between the local host computing device and the computing device comprises a file transfer.

13. The system of claim 9, wherein an indication of the unauthorized lateral movement event on the network comprises a risk score corresponding to a weighted combination of risk factors.

14. The system of claim 13, wherein the risk factors comprise one or more of a time associated with the communication between the local host computing device and the computing device and a user group corresponding to a user associated with the communication.

15. A method comprising: identifying, in real time by a lateral movement identification tool and from a plurality of monitored network communications associated with a user group, an indication of a file transfer between a first host device and a second host device; determining, by an artificial intelligence engine and based on a risk factor of a plurality of risk factors associated with the user group, a probability that the indication that the file transfer corresponds to a possible unauthorized lateral movement event on the network, wherein the plurality of risk factors comprise different factors associated with network security risk and wherein each user of the user group has common user group permissions on an enterprise network associated with the monitored network communications; and sending, based on the probability, an alert identifying the possible unauthorized lateral movement event on the network, wherein the alert comprises a risk score corresponding to a weighted combination of a plurality of lateral movement parameters.

16. The method of claim 15, wherein the lateral movement tool is distributed over a plurality of computing devices.

17. The method of claim 15, wherein a portion of lateral movement identification tool is installed on the first host device.

18. The method of claim 15, comprising: aggregating information from a plurality of network communication services and data logs, wherein the information corresponds to a plurality of network communication connections to and from the first host device; and correlating messages, in real time, with the aggregated information to actively detect an indication of lateral movement on the network.

19. The method of claim 15, wherein sending the alert comprises providing an indication of the alert on a user interface device and identifying the file transfer.

20. The method of claim 15, wherein alert comprises a risk score corresponding to a weighted combination of the plurality of risk factors.

Patent Metadata

Filing Date: Unknown
Publication Date: September 2, 2025
Inventors: Steven E. Sinks, Jonathan Sheedy
